Conficker variant dispenses with need to phone home

Virus authors have released a new variant of the infamous Conficker (Downadup) worm with enhanced auto-update features. The changes in the new strain of the malware, dubbed Conficker B++, make it possible for malware authors to push out new code without publishing it on pre-programmed sites, as with earlier variants. The …

COMMENTS

This topic is closed for new posts.
  1. Gerrit Hoekstra
    Paris Hilton

    Another half job well done

    "... The earlier approach has been frustrated by the recent formation of an alliance led by Microsoft geared up to block and take down sites associated with the worm."

    Well, stone the crows - rather than fix their insecure O/S, MS merely succeeded in 'frustrating' the VX'ers, who then promptly found a work-around. So well done there.

    Who was the other member of MS's so-called 'alliance' - Paris?

  2. amanfromMars Silver badge
    Pirate

    For our American cousins ..... Phormer Colonials

    That's one SMART worm to MetaDataMorph into an Asp Networking Renegade/Rogue in Systems.

    Perfect for AIRenaissance, Mr President? Or are you stuck with the B Team and Sub-Prime Intelligence Facilities, which of course you aren't, if you are Minded to Think on IT?

    cc. 1600 Pennsylvania Avenue NW, Washington, DC 20500

  3. Nicholas Ettel
    Flame

    @Gerrit Hoekstra

    Your supposition is amazing in its ignorance. Microsoft fixed the vulnerability being exploited by Conficker/Downadup last October - specifically, 15 Oct 08 with patch MS08-067. Not to mention that removal tools have been available from Microsoft, Symantec, Sophos, Kaspersky Labs and McAfee for almost as long. However, there are apparently ~10 million ignorant/stupid users (as well as corporate IT admins) that haven't patched their systems. So, sure, blame Microsoft for allowing a vulnerability in their OS if you want (because, you know, no other OS has any vulnerabilities whatsoever), but blame the users, too, who have failed their part of the security cycle.

    At least something was being done to frustrate the virus that's out there, to help the users when they can't/won't help themselves. For all of Microsoft's vile business practices and software asshat-ery, at least they're pretty damned quick to respond to vulnerabilities such as this and fairly transparent/open in the process (at least, on the outside).

  4. Steve

    @ Gerrit

    Please - don't you have an Ubuntu install to patch (again!) or an SSL cert to re-issue?

    Back under your bridge.

  5. The Light of the Silvery Moon

    @Nicholas

    Well said!

    At least Microsoft is doing something about this..... and, if the same or similar vulnerability appeared in one of the open source OSes, I'd be pretty surprised if their 'owners' did as much.

  6. Pierre

    @ Nicholas Ettel

    Oh puh-leese. As long as autorun is on by default (and sneakily turned back on each time you look away from the machine), nobody can pretend that MS is even trying. MS08-067 was only an entry point, not the main vuln. Proof is, the new variant doesn't need it. MS didn't patch anything, and they are trying to look like security-conscious people by buying thousands of domain names to avoid fixing their crappy code. That is all.

    That said, even the most perfect code cannot be 100% foolproof, and users are not entirely innocent here. Then again, MS spent so much time and money purposely dumbing down the average user that they are quite a bit responsible for that too.

  7. Rob Crawford

    @Pierre

    You have unusually high expectations of the average user.

    Having been in the IT industry since the early 80s I can assure you that the average user is the laziest and most facile creature on earth.

    They want everything done for them.

    But hey yeah let's blame Microsoft, it's easier than actually doing anything.

  8. Sitaram Chamarty
    Stop

    "machines"? please be more specific!

    Dear Reg,

    Can you at least, of all the IT mags/rags out there, stop calling them "machines"? I own 3, and administer 4 more, and none of them -- even if they are put on the internet as is, will get infected.

    Please, pretty please with bells on, call them what they are: "Windows PCs."

    And to those who said MS is "doing something", yes they are. By co-opting half of the internet to form a "posse", they made you think it's not their fault. (Why in blazes does a USB stick need autorun, FFS!!!)

  9. Pierre
    Thumb Down

    @ Rob Crawford

    WTF? I mean, seriously?

    "But hey yeah let's blame Microsoft, it's easier than actually doing anything."

    Doing things... like wasting my time disabling the extension hiding, autorun et al., stupid "options" that MS forces on my lusers and which trick them into being even more stupid than they would have been naturally? Something like that?

    Also, the warning box: "are you sure you want to run this .exe knowing that this OS is full of holes allowing privilege escalation. Click yes now." needs to be replaced by "Sorry you don't have the right to install this shit you just received by e-mail. Contact your sysadmin if you're craving LART", which takes time.
